Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0172

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-0172
Last Modified 07 Mar 2011 10:04:04
Published 17 Jan 2008 06:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0172

Summary

The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.

Vulnerable Systems

Application

  • Boost 1.33

  • Boost 1.34


References

CONFIRM - https://issues.rpath.com/browse/RPL-2143

VUPEN - ADV-2008-0249

UBUNTU - USN-570-1

BID - 27325

CONFIRM - http://svn.boost.org/trac/boost/changeset/42745

CONFIRM - http://svn.boost.org/trac/boost/changeset/42674

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=205955

FEDORA - FEDORA-2008-0880

BUGTRAQ - 20080213 rPSA-2008-0063-1 boost

MANDRIVA - MDVSA-2008:032

GENTOO - GLSA-200802-08

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0063

SECUNIA - 29323

SECUNIA - 28943

SECUNIA - 28860

SECUNIA - 28705

SECUNIA - 28545

SECUNIA - 28527

SECUNIA - 28511

SUSE - SUSE-SR:2008:006

Related Patches

Red Hat 2012:0305-03 RHSA Low: boost security and bug fix update for RHEL 5 x86

Red Hat 2012:0305-03 RHSA Low: boost security and bug fix update for RHEL 5 x86_64

Novell SUSE 2008:4978 boost security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:42